Tag Archives: server

How to setup vsftpd FTP on Ubuntu Linux

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast.
Using this instructions, you can set up vsftpd on variuos linux distros. This tutorial will show you how to set up your own ftp in Ubuntu Linux.

1. Install vsftpd

sudo apt-get install vsftpd

2. Change the configurations file
Open the vsftpd.conf configuration file with a text editor. The file is located in the /etc directory.

sudo joe /etc/vsftpd.conf

Once you are editing the file, you’ll want to make a few changes. Change this:

anonymous_enable=YES

To this:

anonymous_enable=NO

This will disallow anonymous access to your FTP server. Unless you have a really good reason for permitting anonymous access, and you know what you’re doing in terms of network security, I’d recommend leaving the anonymous access off. Especially if your Ubuntu FTP server is sitting on the Internet.

Of course, with anonymous access off, you’ll need to permit local users to log in. Do this by changing this directive:

#local_enable=YES

To this:

local_enable=YES

(Putting a # in front of a line disables it; this is called “commenting it out”.)

3. Adding a “fake” shell
Edit the /etc/shells file and add a non-existent shell name like /bin/false, for example. This fake shell will limit access on the system for FTP users.

sudo joe /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/false

/bin/false is our added no-existent shell. With Red Hat Linux, a special device name /dev/null exists for purposes such as these.

4. Setup an FTP user account
It’s important to give to your strictly FTP users no real shell account on the Linux system. In this manner, if for any reasons someone could successfully get out of the FTP chrooted environment, it would not have the possibility of executing any user tasks since it doesn’t have a bash shell. First, create new users for this purpose.
This has to be separate from a regular user account with unlimited access because of how the chroot environment works. Chroot makes it appear from the user’s perspective as if the level of the file system you’ve placed them in is the top level of the file system.
Use the following command to create users in the /etc/passwd file. This step must be done for each additional new user you allow to access your FTP server.

sudo mkdir -p /home/ftp/ftpuser
sudo useradd ftpuser -d /home/ftp/ftpuser/ -s /bin/false
sudo passwd ftpuser

– The mkdir command will create the ftp/ftpuser directory under the /home directory to handle all FTP users’ home directories we’ll have on the server.
– The useradd command will add the new user named ftpuser to our Linux server.
– Finally, the passwd command will set the password for this user ftpuser.

Once you’ve made these changes, restart the vsftpd service with this command:

sudo /etc/init.d/vsftpd restart

5. Override config option specified in the manual page, on a per-user basis (optional)
If you want to make custom changes in the behaviour of the ftp server on a per-user basis, you should know that vsftpd has a powerful option that allows you to do this.
If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user “chris”, then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session. The format of this file is detailed in the manual!
Please note that not all settings are effective on a per-user basis. For example, many settings only prior to the user’s session being started. Examples of settings which will not affect any behviour on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc.

Monitor your downtime


easy.MEDIA launched a website monitoring service (www.e-nagios.com) based on nagios.
The service offers SMS/Email notification to meet your need for mobility.
The servers/websites will be crossed-monitored to avoid false alarms.

Installing NoMachine NX on Ubuntu 7.10

NX allows you to run remote X11 sessions even across slow or low-bandwidth network connections, making it possible to start sessions from clients running on Windows, Linux, Mac OS X and Solaris platforms to servers running, at present, on Linux or Solaris. Note that development for extending server support to Windows and Mac OS X platforms is in progress.

NX, thanks to exclusive X protocol compression techniques and an integrated set of proxy agents, improves the power of the X Window System to transparently run graphical desktops and applications through the network, by reducing round-trips and implementing strict flow-control of data traveling through low-bandwidth links. Even on slow or low-bandwidth network connections, you can get impressive performance thanks to NX’s lazy encoding algorithm and NX’s capability to automatically tune itself to network bandwidth and latency parameters.

Moreover, NX also can connect to remote RDP and VNC servers, relying on the rdesktop and TightVNC clients by encapsulating the RDP or RFB session within the X11 session.

Here’s a screenshot:

Diagrams showing how NX works. (Copyright NoMachine)

Session shadowing

Desktop sharing

An X11 session

Look at the screenshots below to find out how to get started with NX:

First download the files for the server from here.

For Ubuntu, use NX Free Edition for Linux DEB – i386.

You’ll need to download three files: client, node and server.

Change your working directory to the location where you saved the package and install it by running from a console:

For detailed instructions on how to install the NX Client, NX Node and NX Server packages, please look here.
sudo dpkg -i nxclient_3.1.0-2_i386.deb
sudo dpkg -i nxnode_3.1.0-3_i386.deb
sudo dpkg -i nxserver_3.1.0-2_i386.deb

After installing the server, on your Windows computer, download nxclient for Windows and install it.

Once it’s installed, run it, and enter the IP address of your Linux computer to connect, give it a session name for your own reference, and choose your connection speed.

Here you can download the manual or you can view it online here.

HOWTO: Create a FTP server with user access (proftpd)

A. The GUI way (for beginners only)

For those who are new to linux and don’t want to use a FTP server without GUI, or just for those who don’t use often their FTP server and wish to set it
quickly without a high level of security, there is a GTK GUI for proftpd.
Be careful, it’s less secure than configuring yourself your server.

1. Install proftpd and gproftpd with synaptic or with this command:
Code:

sudo apt-get install proftpd gproftpd

2. Play with the GUI and set up quickly your server.

Feel free to post here if you have some problems with gproftpd but it shouldn’t be too hard to use (it took me 2 minutes to set up a small FTP server ).

B. The secure way

1. Install proftpd with synaptic or with this command:
Code:

sudo apt-get install proftpd

2. Add this line in /etc/shells file (sudo gedit /etc/shells to open the file):
Code:

/bin/false

Create a /home/ftp directory:
Code:

cd /home
sudo mkdir ftp

Create a user named ftp_user which will be used only for ftp access. This user don’t need a valid shell (more secure) therefore select /bin/false shell
for ftp_user and /home/ftp as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System -> Administration -> User -> Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
Code:

sudo useradd ftp_user -p your_password -d /home/ftp -s /bin/false
sudo passwd ftp_user

In ftp directory create a download and an upload directory:
Code:

cd /home/ftp/
sudo mkdir download
sudo mkdir upload

Now we have to set the good permissions for these directories:
Code:

cd /home
sudo chmod 755 ftp
cd ftp
sudo chmod 755 download
sudo chmod 777 upload

3. OK, now go to the proftpd configuration file:
Code:

sudo gedit /etc/proftpd/proftpd.conf

and edit your proftpd.conf file like that if it fit to your need:

Code:

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
 
# Choose here the user alias you want !!!!
UserAlias sauron userftp
 
ServerName "Server_Name"
ServerType standalone
DeferWelcome on
 
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
 
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
 
DisplayFirstChdir .message
ListOptions "-l"
 
RequireValidShell off
 
TimeoutLogin 20
 
RootLogin off
 
# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
 
#DenyFilter \*.*/
 
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
 
# Allow to restart a download
AllowStoreRestart on
 
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
 
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
 
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
 
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
 
PersistentPasswd off
 
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
 
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
 
# Set /home/ftp directory as home directory
DefaultRoot /home/ftp
 
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
 
MaxLoginAttempts 5
 
#VALID LOGINS
 
AllowUser userftp
DenyALL
</Limit>
 
<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
 
<Directory /home/ftp/download/*>
 
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
 
<Directory> /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
 
DenyAll
</Limit>
 
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user: ftp_user
password: the one you’ve set for ftp_user

4. To start/stop/restart your server:
Code:

sudo /etc/init.d/proftpd start
sudo /etc/init.d/proftpd stop
sudo /etc/init.d/proftpd restart

To perform a syntax check of your proftpd.conf file:
Code:

sudo proftpd -td5

To know who is connected on your server in realtime use “ftptop” command (use “t” caracter to swich to rate display), you can also use the “ftpwho”
command.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close